Due Diligence & Data Security
Today, every business has to protect its sensitive data. Whether the threat comes from hackers online or from an organization's own recently decommissioned IT hardware, the risk to data is growing. Most companies have cybersecurity practices in place, but an alarming number of organizations do not have a plan to deal with their decommissioned computers. Having a data security strategy covering both digital (cyber) and physical (decommissioned IT hardware) theft is critical to any organization’s risk
Data privacy laws continue to grow stricter, as illustrated by over a dozen new privacy and security laws that have been enacted over the past few months by both state and federal agencies. The absence of a data security plan could lead to more significant risks and increased fines in the event of a data breach. One of these new regulations is an Amendment to the HITECH Act.
The HITECH Act Amendment offers new incentives to reduce fines and other remedies in the event of a data breach. While the amendment does not include specific language, it does make clear the incentives for covered entities having “certain recognized security practices.” Section 13412(b) of the act defines the term “recognized security practices” as the “standards, guidelines, best practices, methodologies, procedures, and processes developed” under section 2(c)(15) of the National Institute of Standards and Technology (NIST) Act.
Adams Cable Equipment is an R2 certified facility and can help companies meet “certain recognized security practices” regardless of the industry an organization is in. The R2 Standard requires a certified facility, such as Adams Cable Equipment, to meet NIST requirements for data destruction. The R2 certified facility must maintain documented data destruction procedures and maintain records for a specified period of time. An independent third-party auditor then audits these procedures and records yearly to ensure the facility meets R2 and NIST guidelines.
Laws such as the HITECH Amendment protect organizations that are merely able to demonstrate, to some unspecified degree, the existence of recognized security practices. One such security practice would be to use an R2 certified vendor, such as Adams Cable Equipment, to manage unneeded electronics. This would allow the organization to show the federal authorities that it was using a vetted and certified company, establishing a form of “security practices.” Using a non-certified vendor for your old IT hardware is simply not worth the risk.